Scientific Linux Security Update : thunderbird on SL6.x i686/x86_64 (2020:5164)
The remote Scientific Linux 6 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2020:5164-1 advisory. - Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950) Note that Nessus has not tested for this issue but has instead...
Scientific Linux Security Update : net-snmp on SL6.x i686/x86_64 (2020:5129)
The remote Scientific Linux 6 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2020:5129-1 advisory. - net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862) Note that Nessus has not tested for this...
Scientific Linux Security Update : microcode_ctl on SL6.x i686/x86_64 (2020:5084)
The remote Scientific Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5084-1 advisory. - hw: Vector Register Leakage-Active (CVE-2020-8696) - hw: Fast forward store predictor (CVE-2020-8698) Note that Nessus has not tested for this issu...
Scientific Linux Security Update : thunderbird on SL6.x i686/x86_64 (2020:4947)
The remote Scientific Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:4947-1 advisory. - Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683) - chromium-browser: Use after free in WebRTC (CVE-2020-15969)...
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20201012)
Security Fixes : - bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(141412); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date"...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20201001)
Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673) - Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676) - Mozilla: Download origin spoofing via redirect (CVE-2020-15677) - Mozilla: When recursing throu...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200826)
Security Fixes : - kernel: NULL pointer dereference in search_keyring (CVE-2017-2647) - kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14896) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200826)
Security Fixes : - Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664) - Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(139893);...
Scientific Linux Security Update : postgresql-jdbc on SL6.x (noarch) (20200803)
Security Fixes : - postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include("compat.inc"); if (description) { script_id(139353); script_version("1.3");...
Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730)
Security Fixes : - chromium-browser: Use after free in ANGLE (CVE-2020-6463) - chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514) - Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652) - Mozilla: Memory safety bugs fixed in Firefox 79 and...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200716)
Security Fixes : - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) - Mozilla: Add-On updates did not respect the same...
Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200707)
Security Fixes : - Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) - Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) - Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) - Mozilla: Add-On updates did not respect the same...
Scientific Linux Security Update : unbound on SL6.x i386/x86_64 (20200622)
Security Fixes : - unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662) - unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific...
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20200611)
tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(137533); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date",...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200610)
Security Fixes : - kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include("compat.inc"); if (description) { script_id(137347); script_version("1.3");...
Scientific Linux Security Update : microcode_ctl on SL6.x i386/x86_64 (20200610)
Security Fixes : - hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) - hw: L1D Cache Eviction Sampling (CVE-2020-0549) - hw: Vector Register Data Sampling (CVE-2020-0548) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description)...
Scientific Linux Security Update : freerdp on SL6.x i386/x86_64 (20200609)
Security Fixes : - freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) { script_id(137292); script_version("1.4");...
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20200603)
Security Fixes : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) (C) Tenable Network Security, Inc. The...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200511)
Security Fixes : - Mozilla: Use-after-free during worker shutdown (CVE-2020-12387) - Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395) - usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831) - Mozilla: Arbitrary local file access with 'Copy as cURL'...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash)
Security Fixes : - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) (C) Tenable Network Security...